Important: SDL

Issue Overview: A heap-based buffer overflow flaw, in SDL while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow a...

Medium: mercurial

Issue Overview: An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function beuint32read located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service Segmentation fault or possibly ha...

Important: ruby

Issue Overview: An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8322 An issue was discovered in RubyGems 2.6 and...

Low: libjpeg-turbo

Issue Overview: A divide by zero vulnerability has been discovered in libjpeg-turbo in allocsarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file.CVE-2018-11212 Affected Packages: libjpeg-turbo Note: This advisory is applicable...

Important: libvncserver

Issue Overview: LibVNC contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution CVE-2018-15127 Affected Packages: libvncserver Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for...

Medium: zsh

Issue Overview: An issue was discovered in zsh before 5.6. The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line.CVE-2018-0502 It was discovered that zsh does not properly validate the shebang of input files and it truncates i...

Important: bind

Issue Overview: Improper fetch cleanup sequencing in the resolver can cause named to crash: A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to...

Low: wget

Issue Overview: CRLF injection in the urlparse function in url.c A CRLF injection flaw was found in the way wget handled URLs. A remote attacker could use this flaw to inject arbitrary HTTP headers in requests, via CRLF sequences in the host sub-component of a URL, by tricking a user running wget...

Important: git

Issue Overview: Command injection via malicious ssh URLs: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing...

Medium: subversion, mod_dav_svn

Issue Overview: It was discovered that Subversion's moddontdothat module and Subversion clients using https:// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. An authenticated remote attacker can cause denial-of-service conditions on the server using...

Medium: bind

Issue Overview: Specific APL RR data could cause a server to exit due to an INSIST failure in apl42.c when performing certain string formatting operations. CVE-2015-8704 CVE-2015-8705 was also issued today for bind, but the Amazon Linux AMI's version of bind is not impacted by that CVE. Affected...

Medium: libpng

Issue Overview: Multiple buffer overflows in the pngsetPLTE and pnggetPLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19, allowing remote attackers to cause a denial of service application crash or...

Medium: postgresql93

Issue Overview: Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire...

Critical: docker

Issue Overview: The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege escalation. CVE-2015-3627...

Medium: facter

Issue Overview: Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges...

Medium: curl

Issue Overview: libcurl wrongly allows cookies to be set for TLDs, thus making them much broader then they are supposed to be allowed to. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. By not detecting and rejecting domain names...

Medium: transmission

Issue Overview: Integer overflow in the trbitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. Affected Packages:...

Medium: gnupg

Issue Overview: The douncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service infinite loop via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Affected Packages: gnupg...

Medium: openldap

Issue Overview: The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service slapd crash by unbinding immediately after a search request, which triggers rwmconndestroy to free the session context while it is...

Medium: gnupg

Issue Overview: GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. The compressed...

Important: bind

Issue Overview: A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. CVE-2013-2266 Affected Packages: bind Iss...

Important: bind

Issue Overview: A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an...

Medium: dbus

Issue Overview: It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application...

Medium: rubygems

Issue Overview: RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. Affected Packages: rubygems Issue Correction: Run yum update rubygems or yum update --advisory...

Medium: nginx

Issue Overview: Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Affected Packages: nginx Issue Correction: Run yum updat...

Important: mysql

Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102,...

Medium: dhcp

Issue Overview: A denial of service flaw was found in the way the dhcpd daemon handled DHCP request packets when regular expression matching was used in "/etc/dhcp/dhcpd.conf". A remote attacker could use this flaw to crash dhcpd. CVE-2011-4539 Affected Packages: dhcp Issue Correction: Run yum...

Medium: ca-certificates

Issue Overview: This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure PKI. It was found that a Certificate Authority CA issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer dereference in l3mdevl3rcv CVE-2025-22103 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying CVE-2025-22113...

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6...

Important: httpd24

Issue Overview: Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE CVE-2020-11984 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to...

Medium: kernel

Issue Overview: A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier...

Important: bind

Issue Overview: Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versio...

Important: kernel

Issue Overview: kernel: Type confusion in picknextrtentity, which can result in memory corruption. CVE-2023-1077 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

Medium: freerdp

Issue Overview: FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in freerdpbitmapplanarcontextreset leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are n...

Low: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,...

Important: xorg-x11-server

Issue Overview: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer NOTE: https://lists.x.org/archives/xorg/2024-January/061525.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3 CVE-2023-6816 Reattaching to different master device...

Medium: ipa

Issue Overview: A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system...

Low: snakeyaml

Issue Overview: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. CVE-2022-38752 Affected Packages: snakeyaml Note: Th...

Important: thunderbird

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

Medium: nss-softokn

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Medium: mysql57

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...

Important: open-vm-tools

Issue Overview: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be ab...

Medium: zlib

Issue Overview: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. CVE-2023-45853 Affected Packages: zlib Note: This advisor...

Medium: libtiff

Issue Overview: There exists one heap buffer overflow in TIFFmemcpy in tifunix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. CVE-2020-18768 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3...

Important: python-reportlab

Issue Overview: paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

Medium: poppler

Issue Overview: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service DoS via crafted .pdf file to FoFiType1C::cvtGlyph function. CVE-2020-36023 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers t...

Medium: libxml2

Issue Overview: Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. CVE-2023-39615 Affected Packages: libxml2 Note...

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access vi...